Over time, environmental complexity increases the probability of failures, dependence on IT increases the impact of those failures that occur, and increased visibility amplifies their impact. While the number and impact of potential failures are rising, IT directly controls less of the infrastructure, has less time to react, and is less able to apply traditional risk management methods to deal with the risk of failure.

We recommend that operations integrate risk management into decision-making in the same way it has already integrated such critical factors as time, money, and labor.

• Risk management should be integrated into operations decision-making in every job function and role.
  
• Risk management should be taken seriously and given an appropriate amount of effort and formality.
  
• Management at all levels should encourage the view that identifying risks is a positive activity that is crucial to an effective risk-management process.
  
• Risk management should be performed continuously to ensure that operations deals with the risks that are relevant today, not just the ones that were relevant last quarter.
  

Fortunately, formalizing risk management practices is an achievable goal. Organizations can enhance the achievement of this goal by fostering a "risk management culture," as described in the next section.